

On Thu 16 Aug 2012 19:38:31 CEST, NoOp wrote:

> On 08/16/2012 04:45 AM, Philippe Naudin wrote:
> > Hello,
> >
> > I am using LibreOffice x86_64 on Linux, installed from official rpms.
> > Since it got updated to Version 3.6.0.4 (Build ID: 932b512), rkhunter
> > whines :
> >   Checking for packet capturing applications
> >   Warning: Process '/opt/libreoffice3.6/program/soffice.bin' (PID 15079) is listening on the network.
> >
> > lsof -i doesn't show anything related to soffice, but lsof -U shows :
> >   COMMAND     PID    USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
> >   soffice.b 15079  naudin   11u  unix 0xffff8100883b7c80      0t0 352208 socket
> >   X          2924    root   44u  unix 0xffff8100883b7980      0t0 352209 /tmp/.X11-unix/X0
> >   soffice.b 15079  naudin   12u  unix 0xffff8100883b7680      0t0 352210 /tmp/OSL_PIPE_1058_SingleOfficeIPC_474aee6e854ee537ef2ad5a42cd51fe9
> >   soffice.b 15079  naudin   22u  unix 0xffff8100883b7080      0t0 352223 socket
> >   X          2924    root   46u  unix 0xffff8100883b7380      0t0 352224 /tmp/.X11-unix/X0
> >
> > The same rkhunter has no problem with LibreOffice 3.5.4.2, Build ID:
> > 165a79a-7059095-e13bb37-fef39a4-9503d18, also an official rpm for Linux
> > x86_64.
> > But LibreOffice-3.5 only uses one socket, the /tmp/OSL_PIPE one.
> >
> > Is there a way to turn off these extra sockets in 3.6 ?
> >
> > Thanks,
>
> I can't replicate on the deb version with:
> Rootkit Hunter version 1.3.8
>
> What version of rkhunter & have you:
>  rkhunter --update
> to ensure that your rkhunter is up to date?
>
> Version 3.6.0.4 (Build ID: 932b512)
>
> I won't be able to check an rpm version until later - sorry.

Hi,

Thanks for your reply. I'm using an rpm ;), it is rkhunter-1.4.0-1.el5.

Of course I can get rkhunter silent with something like
DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
In this case it will not complain about LibreOffice listening on
the network... even when I open a file with some malware inside.

Can you check the output of this command :
lsof -U | grep soffice

With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but
with LibreOffice-3.6 I get two more lines, two unix sockets.

Regards,

-- 
Philippe Naudin
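
An added example, not part of the original message: one way to make the 3.5-versus-3.6 comparison described above repeatable is to summarise `lsof -U` output per process and compare it with an expected baseline, rather than allowlisting the whole process. The sample input is constructed from the output quoted in the message; the baseline, the function names and the `OSL_PIPE_*` wildcard are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the `lsof -U` lines quoted in the message, wrapped line rejoined.
SAMPLE_36 = """\
COMMAND     PID    USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
soffice.b 15079  naudin   11u  unix 0xffff8100883b7c80      0t0 352208 socket
X          2924    root   44u  unix 0xffff8100883b7980      0t0 352209 /tmp/.X11-unix/X0
soffice.b 15079  naudin   12u  unix 0xffff8100883b7680      0t0 352210 /tmp/OSL_PIPE_1058_SingleOfficeIPC_474aee6e854ee537ef2ad5a42cd51fe9
soffice.b 15079  naudin   22u  unix 0xffff8100883b7080      0t0 352223 socket
X          2924    root   46u  unix 0xffff8100883b7380      0t0 352224 /tmp/.X11-unix/X0
"""

# Assumed baseline, taken from the 3.5 behaviour described in the message:
# a single named OSL_PIPE socket and nothing else.
BASELINE = Counter({"/tmp/OSL_PIPE_*": 1})


def socket_kind(name):
    """Collapse per-session names so two runs of the same program compare equal."""
    if name == "socket" or not name:
        return "<unnamed>"
    return re.sub(r"^(/tmp/OSL_PIPE_).*", r"\1*", name)


def unix_sockets(lsof_text, command_prefix):
    """Count unix sockets by kind for commands starting with command_prefix.

    A prefix is used because lsof truncates COMMAND (soffice.bin -> soffice.b).
    """
    kinds = Counter()
    for line in lsof_text.splitlines():
        fields = line.split(None, 8)  # NAME is the 9th column and may be absent
        if len(fields) < 8 or fields[4] != "unix":
            continue  # header line or a non-unix descriptor
        if not fields[0].startswith(command_prefix):
            continue
        kinds[socket_kind(fields[8] if len(fields) > 8 else "")] += 1
    return kinds


def unexpected(observed, baseline):
    """Sockets held beyond what the baseline allows (positive counts only)."""
    return observed - baseline


if __name__ == "__main__":
    seen = unix_sockets(SAMPLE_36, "soffice")
    print("observed:", dict(seen))
    print("beyond baseline:", dict(unexpected(seen, BASELINE)))
```

On a live host the same functions can be fed the text of `lsof -U` captured with `subprocess.run`.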
